Configuring the Syslog server to send MongoDB audit events

The Rsyslog service is used to send MongoDB events to the KUMA collector.

To configure the Syslog server to send events:

  1. Create a backup copy of the /etc/rsyslog.conf configuration file.
  2. Edit the /etc/rsyslog.conf file in one of the following ways:
    • To send audit events to the KUMA collector over UDP, add the following line:

      user.info @<IP address of the KUMA collector>:<port of the KUMA collector>

    • To send audit events to the KUMA collector over TCP, add the following line:

      user.info @@<IP address of the KUMA collector>:<port of the KUMA collector>

    The user.info selector corresponds to the MongoDB default values for the syslog facility level (user) and the syslog severity level (info).

  3. Save the changes made to the /etc/rsyslog.conf file.
  4. Restart the Rsyslog service:

    systemctl restart rsyslog.service

The Syslog server is configured to send events.
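
The procedure above as a script, added here as an example and not part of the original documentation. It also checks the configuration before the restart and sends one test message afterwards. The function names, the .bak suffix, the kuma-forward-test tag and the 192.0.2.10:5140 address are assumptions.

```shell
#!/bin/sh
# Added example: steps 1-4 as shell functions that are safe to run repeatedly.

# add_kuma_forward CONF PROTO HOST PORT  (PROTO is udp or tcp)
add_kuma_forward() {
    conf=$1; proto=$2; host=$3; port=$4
    case $proto in
        udp) prefix='@' ;;    # single @ forwards over UDP
        tcp) prefix='@@' ;;   # double @ forwards over TCP
        *) echo "protocol must be udp or tcp" >&2; return 2 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    rule="user.info ${prefix}${host}:${port}"

    # Step 1: keep the first backup; never overwrite it on later runs.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    # Step 2: append the rule only if that exact line is not present yet.
    if grep -Fxq -- "$rule" "$conf"; then
        return 0
    fi
    # Make sure the rule starts on its own line.
    [ -z "$(tail -c 1 "$conf")" ] || echo >> "$conf"
    printf '%s\n' "$rule" >> "$conf"
}

# apply_kuma_forward CONF: validate, restart (step 4), send a test event.
apply_kuma_forward() {
    # rsyslogd -N1 only parses the configuration and reports errors.
    if ! rsyslogd -N1 -f "$1"; then
        echo "config check failed; backup is $1.bak" >&2
        return 1
    fi
    systemctl restart rsyslog.service || return 1
    # Constructed test message with the same facility and severity.
    logger -p user.info -t kuma-forward-test "rsyslog forwarding test"
}

# Usage as root (address and port are placeholders):
#   add_kuma_forward /etc/rsyslog.conf tcp 192.0.2.10 5140 &&
#       apply_kuma_forward /etc/rsyslog.conf
```

The user.info selector matches every message with the user facility at severity info or higher, so events from other applications that log to that facility are forwarded to the collector as well.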
